Google dorks
Personal dork generator
Google, Bing, Yahoo dorks
Dorks are advanced search methods for search engines: by using certain features of the search engines we use, we can sometimes find sensitive content exposed on the internet.
Example Google dorks:
site:*target.com
site:*.*.target.com
site:*.*.*.target.com
site:*target.com filetype:pdf
site:target.* inurl:/admin
site:target.com intext:"index of /"
site:*target.com inurl:"/content/dam"
site:*target.com intitle:"index of" "docker-compose.yml"
site:*target.com intitle:"index of"|"access_token.json"
site:*target.com intitle:"index of" "config.json"
site:*target.com intitle:"index of" "service-Account-Credentials.json" | "creds.json"
site:*target.com intitle:"index of" "db.json"
site:*target.com intitle:"index of" "credentials.json"
site:*target.com intitle:"index of" "awsconfig.json"
site:*target.com filetype:csv admin
site:codepad.co "company"
site:scribd.com "company"
site:npmjs.com "company"
site:npm.runkit.com "company"
site:libraries.co "company"
site:ycombinator.com "company"
site:coggle.it "company"
site:papaly.com "company"
site:google.com "company"
site:trello.com "company"
site:prezi.com "company"
site:jsdelivr.net "company"
site:codepen.io "company"
site:codeshare.io "company"
site:sharecode.io "company"
site:pastebin.com "company"
site:repl.it "company"
site:gitter.im "company"
site:bitbucket.org "company"
site:zoom.us "company"
site:atlassian.com "company"
site:s3.amazonaws.com inurl:"company"
site:storage.googleapis.com "http://target.com"
inurl:gitlab "company"
intext:"index of" /etc/passwd
intext:"index of" /etc/shadow
"index.of" id_rsa inurl:target
"index.of" private.key inurl:target
"© target 20XX"
"© 20XX target"
inurl:ftp inurl:(http|https) "target" filetype:pdf
...
AWS S3 buckets
inurl:s3.amazonaws.com/legacy/
inurl:s3.amazonaws.com/uploads/
inurl:s3.amazonaws.com/backup/
inurl:s3.amazonaws.com/mp3/
inurl:s3.amazonaws.com/movie/
inurl:s3.amazonaws.com/video/
...
Other cloud storage
site:http://blob.core.windows.net "target.com"
site:http://googleapis.com "target.com"
site:http://drive.google.com "target.com"
site:dropbox.com/s "target.com"
site:box.com/s "target.com"
site:docs.google.com inurl:"/d/" "target.com"
API documentation
inurl:/swagger-ui.html -github -gitlab -reddit -stackoverflow -medium
inurl:/api/swagger -github -gitlab -reddit -stackoverflow -medium
inurl:/api/v1/docs | inurl:/api/v2/docs | inurl:/api/v3/docs
inurl:/api/apidocs
CMS
#Drupal
intext:"Powered by Drupal" inurl:"/node/1" -drupal.com -drupal.org -github
inurl:"sites/all/modules/ckeditor" -drupalcode.org
#WordPress
intext:"Index" inurl:"wp-" -wordpress.org -stackexchange -github
inurl:"/wp-json/wp/v2/users/" "id":1,"name":" -wordpress.stackexchange.com -stackoverflow.com
inurl:"/wp-content/uploads"
inurl:"wp-register.php" -wordpress.com -wordpress.org -github
intitle:"index of" "wp-config.php.bak"
#Joomla
inurl:"/libraries/joomla/database/"
Frameworks
#Symfony
intitle:"index of" "symfony/config"
inurl:"_fragment" | inurl:"_profiler"
inurl:"_profiler/phpinfo"
inurl:"_profiler/open"
#Ruby on Rails
inurl:"index.rb"
inurl:"/config/database.yml"
inurl:"/config/initializers/secret_token.rb"
inurl:"/db/seeds.rb"
inurl:"/db/development.sqlite3"
Exposed Git
"index of" inurl:.git
intitle:"index of" .git/hooks/
filetype:git
Cache
View the cached version of a website:
cache:exemple.com/blabla
Monitoring
It is also possible to receive an alert for each new result of a given search with Google.
Resource: https://www.google.com/alerts
oxdork
oxdork is a very simple, lightweight Google dorking tool written in Python.
Usage example:
$ ./oxdork -q site:*.target.com -c 30
Resource: https://github.com/rly0nheart/oxdork.git
Katana
Katana is another tool for retrieving the results of a Google dork.
Usage example:
$ python3 kds.py -g
Resource: https://github.com/TebbaaX/Katana